> On May 24, 2016, 4:41 p.m., Nate Cole wrote: > > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java, > > lines 190-194 > > <https://reviews.apache.org/r/47783/diff/1/?file=1392703#file1392703line190> > > > > Should special permissions like this go right in the action definition > > itself? Would require finding out if the file is readable by non-root > > Ambari. Would help with having to hard code action names here.
I dont think I understand the issue. The request to create a Request resource with the command "check_host" needs to be processed to ensure that the user requesting this operation is authorized to do so. This check cannot be done anywhere else since we dont know until this point what the user is trying to do - that is without parsing the request data an additional time just for the authorization check. - Robert ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/47783/#review134630 ----------------------------------------------------------- On May 24, 2016, 1:48 p.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/47783/ > ----------------------------------------------------------- > > (Updated May 24, 2016, 1:48 p.m.) > > > Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, and Nate > Cole. > > > Bugs: AMBARI-16851 > https://issues.apache.org/jira/browse/AMBARI-16851 > > > Repository: ambari > > > Description > ------- > > Cluster operator and the cluster admin must be allowed to add/delete hosts > but install of agents using /bootstrap fails with 403 > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java > 5b318af > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java > 5c74f07 > > ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java > f4f614e > ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql 2c2d743 > ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql ee87cc5 > ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql a65df9c > ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 6f38ec8 > ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql > ca57de5 > ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql bd2e6d6 > ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 9269b13 > > ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java > 65efc63 > > ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java > 69b4b08 > > ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java > 6511cb4 > > Diff: https://reviews.apache.org/r/47783/diff/ > > > Testing > ------- > > Manually tested, newly created cluster and upgrade > > # Local test results: > [INFO] > ------------------------------------------------------------------------ > [INFO] BUILD SUCCESS > [INFO] > ------------------------------------------------------------------------ > [INFO] Total time: 1:15:22.164s > [INFO] Finished at: Tue May 24 13:28:21 EDT 2016 > [INFO] Final Memory: 59M/1807M > [INFO] > ------------------------------------------------------------------------ > > #Jenkins test results: PENDING > > > Thanks, > > Robert Levas > >
